CAS 6.0.0-RC3-SNAPSHOT LDAP Authentication failed


casuser

Oct 24, 2018, 6:11:37 AM
to CAS Community
We are currently using CAS 5.2 with the current properties for LDAP authentication. We were trying to use the same properties for version 6, except for userFilter, which has changed to searchFilter, but we still can't connect to LDAP. There is nothing in the logs, even in debug mode.

2018-10-24 17:49:12,211 WARN [org.apereo.cas.config.CasCoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service definitions. Changes that are made to service definitions during runtime WILL be LOST when the web server is restarted. Ideally for production, you need to choose a storage option (JDBC, etc) to store and track service definitions.>
2018-10-24 17:49:12,212 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-10-24 17:49:58,889 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: testuser
WHAT: Supplied credentials: [UsernamePasswordCredential(username=testuser, source=null)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed Oct 24 17:49:58 MYT 2018
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


Below are the properties:

cas.authn.accept.users=

##
# LDAP
## 
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://ldapofmyorg.com:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=DC=edu,DC=my
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=CN=example,DC=edu,DC=my
cas.authn.ldap[0].bindCredential=
cas.authn.ldap[0].dnFormat=uid=%s,DC=edu,DC=my
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].principalAttributeList=sAMAccountName,sn,cn,givenName,displayName,mail,memberOf,userPrincipalName,department,title,distinguishedName
cas.authn.ldap[0].failFast=false

# Default values:
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000



We have tried in the 5.3 Maven overlay and we have the same issue.
<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <!--
    ...Additional dependencies may be placed here...
    -->
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>
</dependencies>


This is the build.gradle dependency section:

dependencies {
    if (project.hasProperty("external")) {
        compile "org.apereo.cas:cas-server-webapp:${project.casVersion}"
        compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    } else {
        compile "org.apereo.cas:cas-server-webapp${project.appServer}:${project.casVersion}"
    }
    // Other dependencies may be listed here...
}

Ray Bon

Oct 24, 2018, 1:01:15 PM
to cas-...@apereo.org
Put your support-ldap dependency after the if else; actually after '// Other dependencies may be listed here...'.

Ray
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

casuser

Oct 24, 2018, 9:23:29 PM
to CAS Community
Hello Ray,

Thanks for the reply.

I have added my LDAP dependency after '// Other dependencies may be listed here...'. But I still have the same error.

2018-10-25 08:48:50,488 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=myuser, source=null)] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.

I guess this is happening because CAS can't find the source, as mentioned in the earlier error: source=null. But with the same properties it is working in CAS 5.2.

casuser

Oct 24, 2018, 11:23:54 PM
to CAS Community
It works now.

Just needed to change the values of the following properties:

cas.authn.ldap[0].allowMultipleDns=false

cas.authn.ldap[0].type=AUTHENTICATED
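
An added example, not code from the thread or from the CAS project: a small Python check over the property names posted above. It flags a leftover `userFilter` key (the rename the first post mentions), an `AUTHENTICATED` handler with no bind DN or credential, and an `ldap://` URL with both `useSsl` and `useStartTls` off, which sends bind passwords unencrypted. The host name, rule codes and function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the properties posted in the thread;
# the host name is a placeholder.
SAMPLE = """\
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.org:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].bindDn=CN=example,DC=edu,DC=my
cas.authn.ldap[0].bindCredential=
"""

PROP = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)\s*=(.*)$")

def parse(text):
    """Group cas.authn.ldap[N].* properties by handler index N."""
    handlers = {}
    for line in text.splitlines():
        m = PROP.match(line.strip())
        if m:
            handlers.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return handlers

def is_true(props, key):
    return props.get(key, "false").lower() == "true"

def lint(text):
    """Return (handler index, rule code) pairs; the rule codes are made up here."""
    findings = []
    for idx, p in sorted(parse(text).items()):
        # The thread notes userFilter was renamed to searchFilter.
        if "userFilter" in p and "searchFilter" not in p:
            findings.append((idx, "RENAMED_USERFILTER"))
        # A bind-then-search handler needs a bind DN and its password.
        if p.get("type", "").upper() == "AUTHENTICATED" and not (
                p.get("bindDn") and p.get("bindCredential")):
            findings.append((idx, "MISSING_BIND"))
        # Plain ldap:// without SSL or StartTLS carries bind passwords unencrypted.
        url = p.get("ldapUrl", "").lower()
        if url.startswith("ldap://") and not (
                is_true(p, "useSsl") or is_true(p, "useStartTls")):
            findings.append((idx, "CLEARTEXT_BIND"))
    return findings

if __name__ == "__main__":
    for idx, code in lint(SAMPLE):
        print(f"ldap[{idx}]: {code}")
```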